Hello,for study reasons I have to exploit an old apache webserver, version 1.3.I first scanned with nessus and metasploit, but it seems the only relevant exploits (who allow me, for example, to open a remote shell) rely on isapi module which is for windows versions...can you help me out please?

You can't just ask us this question and expect someone here to give you such an exploit... Penetration testing/ethical hacking requires lots of knowledge and skills that you can only acquire over time. You can't just go straight to running exploit agains't a web server...

However, if you try hard and post detail questions about something specific, you'll get a lot of help here. But not like this, especially on your first post...

Yes you're right, unfortunately expoliting apache is just the first step of my research, indeed my objective is observing the system UNDER this attack.

Anyway I'm doing some researches and I'd like to apply the chunked-encoding vulnerability (CVE-2002-0392) who could allow me to open a remote shell.For now I compiled an 1.3.0 version of apache on an ubuntu 12.04 system, anyway now I got my first question: according to this http://www.securityfocus.com/bid/5033 my ubuntu version is not in the target list...does that mean I have to install another version of linux or the exploit is still possible?

If it's for alsr and stack protection I can disable them.

If this exploit is still not possible could you point me to another apache vulnerability who could allow me to open a remote shell?

Last edited by phate867 on Mon Mar 11, 2013 6:59 am, edited 1 time in total.